USG1100 - VPN IKEV2 occasionally AUTH fail
another_user
Posts: 12 Freshman Member
Hello all
After my last post --> https://businessforum.zyxel.com/discussion/4537/ssl-vpn-and-ad-group-identifier
I have upgraded to the latest version V4.39(AAPK.0), which resolves the SSL VPN group access.
However, now I have an occasional strange bug with VPN IKE.
The configuration is the same, nothing has changed (only the firmware).
AD --> windows server 2012 R2 64
Zyxel --> USG1100
VPN IKEv2 is configured as in this tutorial https://mysupport.zyxel.com/hc/en-us/articles/360005744000--ZyWALL-USG-How-to-set-up-a-Client-to-Site-VPN-Configuration-Payload-DHCP-connection-using-IKEv2
with AD + MSCHAPv2 authentication.
This VPN worked perfectly on firmware 4.31; now it sometimes reports AUTH FAIL (in the IKE log). This problem happens every 7-10 days for only 20-30 minutes (the time is very strange and variable), on multiple users simultaneously, then disappears after some minutes.
The users connected before the error remain connected.
The clients are Windows 10 with the integrated VPN.
It seems the problem concerns phase 1 - MSCHAP, as if the firewall sometimes didn't check the AD server for user logins.
There is a correct AAA server MSCHAP with the user domain AD group, the firewall is on Active Directory, but I noticed that in the auth method, MSCHAP is last and not present in default.
Could it possibly be resolved by adding the group ad_mschap to the default method?
If you need more info, just ask.
many thanks
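An added example, not part of the original post: one way to confirm from exported logs that the failures come in short bursts hitting several users at once (which points at the authentication backend rather than at individual credentials). The log line format, the user names and the 15-minute gap threshold are assumptions constructed for illustration, not the real ZyWALL IKE log layout.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not the real ZyWALL IKE log layout).
SAMPLE_LOG = """\
2020-03-02 08:01:10 IKE user=alice result=AUTH_OK
2020-03-02 09:14:05 IKE user=bob result=AUTH_FAIL
2020-03-02 09:16:40 IKE user=carol result=AUTH_FAIL
2020-03-02 09:21:12 IKE user=bob result=AUTH_FAIL
2020-03-02 09:35:55 IKE user=dave result=AUTH_FAIL
2020-03-02 09:50:02 IKE user=carol result=AUTH_OK
2020-03-02 14:03:30 IKE user=erin result=AUTH_FAIL
2020-03-10 11:00:00 IKE user=alice result=AUTH_FAIL
2020-03-10 11:04:00 IKE user=dave result=AUTH_FAIL
"""

LINE_RE = re.compile(r"^(\S+ \S+) IKE user=(\S+) result=(\S+)$")

def parse_failures(text):
    """Return (timestamp, user) for every AUTH_FAIL line, in time order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "AUTH_FAIL":
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def find_bursts(events, max_gap=timedelta(minutes=15), min_users=2):
    """Group failures separated by <= max_gap; keep groups that hit several users."""
    groups, current = [], []
    for ts, user in events:
        # A silence longer than max_gap closes the current group.
        if current and ts - current[-1][0] > max_gap:
            groups.append(current)
            current = []
        current.append((ts, user))
    if current:
        groups.append(current)
    # A lone user failing (e.g. a mistyped password) is not a burst.
    return [
        {"start": g[0][0], "end": g[-1][0], "users": sorted({u for _, u in g})}
        for g in groups
        if len({u for _, u in g}) >= min_users
    ]

if __name__ == "__main__":
    for b in find_bursts(parse_failures(SAMPLE_LOG)):
        print(b["start"], "->", b["end"], b["users"])
```

The start and end of each burst can then be compared against the domain controller's own event log for the same window.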